
Analysis and Improvement of Intrusion Detection Methods in Data Network Routers

Jamshidi, Mohammad Ali | 2016

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 48917 (05)
  4. University: Sharif University of Technology
  5. Department: Electrical Engineering
  6. Advisor(s): Aref, Mohammad Reza; Pakravan, Mohammad Reza
  7. Abstract: High-quality online services demand reliable and fast packet delivery at the network layer. However, clear evidence documents the existence of compromised routers in ISP and enterprise networks, threatening network availability and reliability. A compromised router can stealthily drop, modify, inject, or delay packets in the forwarding path to launch Denial-of-Service, surveillance, man-in-the-middle attacks, etc. Researchers have therefore tried to create intrusion detection methods to identify adversarial routers and switches. To this end, data-plane fault localization (FL) aims to identify faulty links and is an effective means of achieving high network availability. FL protocols use cryptography, traffic validation and stochastic analysis to identify and isolate faulty nodes. In this research, we analysed some path-based and neighborhood-based FL protocols. We then focused on Datacenter Fault Localization (DFL) and tried to improve it. We named our new protocol Enhanced DFL (EDFL). EDFL incurs little computation overhead and a small, constant router state independent of the network size or the number of flows traversing a router. EDFL decreases latency by 50% compared with DFL. Finally, we introduce a new attack, named the effective consecutive attack, and secure EDFL against it.
  8. Keywords: Intrusion Detection System ; Fault Location ; Data Network ; Neighborhood-based Methods ; Data Plane ; Effective Consecutive Attack

